From 5967cc5658e3a9ed32d2c085a069036c9e6aad01 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Mon, 17 Jan 2000 17:09:33 +0000
Subject: [PATCH] Even more checks around use of crypt(3).

---
 libraries/liblutil/passwd.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 2600cf38f6..85511c0875 100644
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -715,6 +715,7 @@ static int chk_crypt(
 	const struct berval * passwd,
 	const struct berval * cred )
 {
+	char *cr;
 	int i;
 
 	for( i=0; i<cred->bv_len; i++) {
@@ -727,6 +728,10 @@ static int chk_crypt(
 		return 1;	/* cred must behave like a string */
 	}
 
+	if( passwd->bv_len < 2 ) {
+		return 1;	/* passwd must be at least two characters long */
+	}
+
 	for( i=0; i<passwd->bv_len; i++) {
 		if(passwd->bv_val[i] == '\0') {
 			return 1;	/* NUL character in password */
@@ -737,7 +742,14 @@ static int chk_crypt(
 		return 1;	/* passwd must behave like a string */
 	}
 
-	return strcmp(passwd->bv_val, crypt(cred->bv_val, passwd->bv_val));
+	cr = crypt( cred->bv_val, passwd->bv_val );
+
+	if( cr == NULL || cr[0] == '\0' ) {
+		/* salt must have been invalid */
+		return 1;
+	}
+
+	return strcmp( passwd->bv_val, cr );
 }
 
 # if defined( HAVE_GETSPNAM ) \
@@ -792,11 +804,17 @@ static int chk_unix(
 	}
 #  endif
 
-	if( pw == NULL || *pw == '\0' ) return 1;
+	if( pw == NULL || pw[0] == '\0' || pw[1] == '\0' ) {
+		/* password must must be at least two characters long */
+		return 1;
+	}
 
 	cr = crypt(cred->bv_val, pw);
 
-	if( cr == NULL || *cr == '\0' ) return 1;
+	if( cr == NULL || cr[0] == '\0' ) {
+		/* salt must have been invalid */
+		return 1;
+	}
 
 	return strcmp(pw, cr);
 
-- 
2.39.5